» updatetask.exe
Overview
Analysis
File Details
Behaviors (3)
Programs (10)
Network (6)

updatetask.exe

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offeres (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 6 anti-malware scanners. It is installed as a toolbar in Internet Explore as ‘Zend Studio’. It runs as a scheduled task under the Windows Task Scheduler named DigitalSite triggered daily at a specified time. Additionally, the file is typically installed by a number of programs including Update for Codec Pack by installCore and Update for Zip Opener by installCore, both potentially unwanted software.

File name:

updatetask.exe

MD5:

c7accbe7e79c17f230b44367a8a3ccd2

SHA-1:

f616bb4167cc48d1d46fda59802bd99b75631f44

SHA-256:

e952c964338742cca1f2b7af4caabff11f669225a6d35fd9dceea0384c3164d6

Scanner detections:

6 / 68

Status:

Adware

Explanation:

The update task for the InstallCore download manager.

Analysis date:

11/27/2024 7:45:23 PM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Optional.Task.K

188432

Dr.Web

Adware.Downware.1620

9.0.1.0321

ESET NOD32

Win32/DealPly

7.9126

Malwarebytes

PUP.Optional.DigitalSites.A

v2013.11.17.06

Reason Heuristics

PUP.UpdateProc.Task.K

14.3.3.16

Sophos

Generic PUA PG

4.95

File size:

99 KB (101,376 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\digitalsite\updateproc\updatetask.exe

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

3072:KTPrZL/cchPrbaz5SOPHgnMQxHGuJRa8W:KH5cAbrMwLrW

Entry address:

0x14E84

Entry point:

55, 8B, EC, 83, C4, F0, B8, 2C, 4E, 41, 00, E8, 40, FD, FE, FF, 33, C0, 55, 68, 0C, 4F, 41, 00, 64, FF, 30, 64, 89, 20, B8, 58, 6C, 41, 00, BA, 20, 4F, 41, 00, E8, 7B, EC, FE, FF, 83, 3D, 58, 6C, 41, 00, 00, 75, 0F, B8, 58, 6C, 41, 00, BA, 30, 4F, 41, 00, E8, 63, EC, FE, FF, B8, 58, 6C, 41, 00, BA, 40, 4F, 41, 00, E8, 60, EE, FE, FF, 6A, 00, 68, 24, 4C, 41, 00, 68, 70, 4D, 41, 00, 68, A4, 4D, 41, 00, B9, 54, 4F, 41, 00, 8B, 15, 58, 6C, 41, 00, B8, 88, 4F, 41, 00, E8, CA, 74, FF, FF, 33, C0, 5A, 59, 59, 64... 
[+]

Entropy:

6.3781

Developed / compiled with:

Microsoft Visual C++

Code size:

80 KB (81,920 bytes)

Internet Explorer Toolbar

CLSID:

{95188727-288F-4581-A48D-EAB3BD027314}

CLSID name:

Zend Studio

2 Scheduled Tasks

Task name:

DigitalSite

Trigger:

Daily (Runs daily at 6:49 PM)

Task name:

MySearchDial

Trigger:

Daily (Runs daily at 19:15)

The file updatetask.exe has been discovered within the following programs.

Update for Codec Pack by installCore

Update for Codec Pack uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user.

www.installcore.com

88% remove it

Update for Codec Package by installCore

Update for Codec Package is the update mechanism for the Install Core software which is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user.

75% remove it

Update for Image Editor by installCore

Update for Image Editor uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user.

80% remove it

Update for Mipony Download Manager by installCore

Update for Mipony Download Manager is the update mechanism for the Install Core software which is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user.

72% remove it

Update for PDF Creator by installCore

Update for PDF Creator uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user.

83% remove it

Update for PDF Writer by installCore

Update for PDF Writer uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user.

75% remove it

Update for Video Converter by installCore

This uses the InstallCore download Manager. Install Core Click run software is an installer which bundles applications with offers for additional third party programs that may be unwanted by the user incuding toolbars and browser extensions.

88% remove it

Update for Zip Extractor by installCore

Update for Zip Extractor uses the Install Core download Manager. Install Core Click run software is an installer which bundles applications with offers for additional third party programs that may be unwanted by the user including toolbars and browser extensions.

76% remove it

Update for Zip Opener by installCore

The software uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user.

68% remove it

UpdaterEX by installCore

This is a potentially unwanted background updater that is installed with a download manager and connects to info.updaterex.com for additional downloads and updated. The software is typically part of a software download bundle from the Install Core mechanism.

80% remove it

Latest 20 of 10 programs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to bits-lb.esams.wikimedia.org (91.198.174.202:80)

TCP (HTTP):

Connects to s3-1-w.amazonaws.com (54.231.0.113:80)

TCP (HTTP):

Connects to ec2-54-245-249-144.us-west-2.compute.amazonaws.com (54.245.249.144:80)

TCP (HTTP):

Connects to ec2-54-225-155-49.compute-1.amazonaws.com (54.225.155.49:80)

TCP (HTTP):

Connects to ec2-54-197-227-159.compute-1.amazonaws.com (54.197.227.159:80)

TCP (HTTP):

Connects to ec2-184-73-153-23.compute-1.amazonaws.com (184.73.153.23:80)

Remove updatetask.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.